XRUN Security Bounty Categories

XRUN Security Bounty reward payments are made at XRUN's sole discretion and are based on the type of issue, the level of access or execution achieved, and the quality of the report. A high-quality research report is critical to help us confirm and address an issue quickly, and could help you receive an XRUN Security Bounty reward.


The examples shown for each category are representative of potential XRUN Security Bounty payments. While we're unable to anticipate specific reward payments in advance, we consider every security issue that has a significant impact on users for an XRUN Security Bounty reward, even if it doesn't match a published category.

Category / Description / Reward range

Device attack via physical access
  Lock Screen bypass: $5,000 - $100,000

A "Device attack via physical access - Lock Screen bypass" is a vulnerability that lets an attacker with physical access to a device (a phone, tablet, or computer) get past the lock screen and use the system without authenticating. It typically stems from a flaw in the lock screen's security logic that lets the attacker sidestep the passcode, PIN, fingerprint, or other authentication factor.

In a bug bounty context, this class of issue is high-severity because it exposes sensitive data and functionality to anyone who can pick up the device, defeating the controls meant to protect the user's privacy and information. Reporting it through the bounty program lets the vendor patch the flaw and protect its users before it is exploited.

  User data extraction: $5,000 - $250,000


Device attack via user-installed app
  Unauthorized access to sensitive data: $5,000 - $100,000


  Elevation of privilege: $5,000 - $150,000


Network attack with user interaction
  One-click unauthorized access to sensitive data: $5,000 - $150,000


  One-click with elevation of privilege: $5,000 - $250,000


Network attack without user interaction
  Zero-click radio to kernel with physical proximity: $5,000 - $500,000


  Zero-click unauthorized access to sensitive data: $5,000 - $500,000


  Zero-click kernel code execution with persistence and kernel PAC bypass: $100,000 - $1,000,000


Easily send reports on the web.

Considering donating your reward? Apple matches donations of Apple Security Bounty rewards to qualifying causes — like the Ford Foundation’s Dignity and Justice Fund, which helps combat mercenary spyware.